Versatile OpenID Connect stack for ASP.NET Core and Microsoft.Owin (compatible with ASP.NET 4.6.1)

dotnet aspnetcore oauth2 openidconnect

Kévin Chalet f1c09dc454 Update the Set*EndpointUris methods to block relative paths starting with ~		6 years ago
.github	Port the workflow changes from aspnet-contrib	6 years ago
eng	Update Versions.props to build 3.0.0-beta3 packages	6 years ago
samples	Translate all the error messages into French and remove the duplicate .resx entries	6 years ago
shared/OpenIddict.Extensions	Move OpenIddictResources to the OpenIddict.Abstractions root namespace	6 years ago
src	Update the Set*EndpointUris methods to block relative paths starting with ~	6 years ago
test	Update the Set*EndpointUris methods to block relative paths starting with ~	6 years ago
.gitattributes	Set up the initial project structure	10 years ago
.gitignore	Send integration test logs to xUnit output	6 years ago
Build.cmd	Introduce the first experimental OpenIddict 3.0 bits and move the build infrastructure to Arcade	7 years ago
Directory.Build.props	Translate all the error messages into French and remove the duplicate .resx entries	6 years ago
Directory.Build.targets	Update the entire codebase to use IStringLocalizer/ResourceManager	6 years ago
Directory.Packages.props	Remove the global JetBrains.Annotations package reference	6 years ago
LICENSE.md	Introduce the first experimental OpenIddict 3.0 bits and move the build infrastructure to Arcade	7 years ago
NuGet.config	Update Arcade and replace the netcoreapp3.0 TFMs by netcoreapp3.1	6 years ago
OpenIddict.sln	Move the OfficialBuildId computation logic to build.yml	6 years ago
README.md	Update README.md	6 years ago
build.sh	Introduce the first experimental OpenIddict 3.0 bits and move the build infrastructure to Arcade	7 years ago
global.json	Bump the .NET SDK/runtime and the ASP.NET Core/.NET Platform Extensions packages	6 years ago
package-icon.png	Update Arcade and replace the netcoreapp3.0 TFMs by netcoreapp3.1	6 years ago

README.md

OpenIddict

The OpenID Connect stack you'll be addicted to.

What's OpenIddict?

OpenIddict aims at providing a versatile solution to implement an OpenID Connect server and token validation in any ASP.NET Core 2.1, 3.1 and 5.0 application, and starting in OpenIddict 3.0, any ASP.NET 4.x or OWIN application too.

OpenIddict fully supports the code/implicit/hybrid flows, the client credentials/resource owner password grants and the device authorization flow. You can also create your own custom grant types.

OpenIddict natively supports Entity Framework Core, Entity Framework 6 and MongoDB out-of-the-box, but you can also provide your own stores.

I want something simple and easy to configure

Developers looking for a simple and turnkey solution are strongly encouraged to use OrchardCore and its OpenID module, which is based on OpenIddict, comes with sensible defaults and offers a built-in management GUI to easily register OpenID client applications.

Getting started

To implement a custom OpenID Connect server using OpenIddict, the simplest option is to clone one of the official samples from the openiddict-samples repository:

Documentation

The documentation for the latest stable release (2.0.1) can be found in the dedicated repository.

Compatibility matrix

Web framework version	.NET runtime version	OpenIddict 2.0	OpenIddict 2.0.1	OpenIddict 3.0
ASP.NET Core 2.1	.NET Framework 4.6.1	✔️ ℹ️	✔️ ℹ️	✔️ ℹ️
ASP.NET Core 2.1	.NET Framework 4.7.2	✔️	✔️	✔️
ASP.NET Core 2.1	.NET Framework 4.8	✔️	✔️	✔️
ASP.NET Core 2.1	.NET Core 2.1	✔️	✔️	✔️

ASP.NET Core 3.1	.NET Core 3.1	⚠️	✔️	✔️

ASP.NET Core 5.0	.NET 5.0	⚠️	✔️	✔️

OWIN/Katana 4.1	.NET Framework 4.6.1	❌	❌	✔️ ℹ️
OWIN/Katana 4.1	.NET Framework 4.7.2	❌	❌	✔️
OWIN/Katana 4.1	.NET Framework 4.8	❌	❌	✔️

ℹ️ Note: the following features are not available when targeting .NET Framework 4.6.1:

X.509 development encryption/signing certificates: calling AddDevelopmentEncryptionCertificate() or AddDevelopmentSigningCertificate() will result in a PlatformNotSupportedException being thrown at runtime if no valid development certificate can be found and a new one must be generated.
X.509 ECDSA signing certificates/keys: calling AddSigningCertificate() or AddSigningKey() with an ECDSA certificate/key will always result in a PlatformNotSupportedException being thrown at runtime.

Resources

Looking for additional resources to help you get started with 3.0? Don't miss these interesting blog posts:

Posts written for previous versions of OpenIddict:

Implementing an OpenIddict Authorization server: Social Login with GitHub by Jerrie Pelser
Implementing an OpenIddict Authorization server: A Basic Authorization Server by Jerrie Pelser
Implementing simple token authentication in ASP.NET Core with OpenIddict by Kévin Chalet
Bearer Token Authentication in ASP.NET Core by Mike Rousos (for the Microsoft .NET Web Development and Tools blog)
Creating your own OpenID Connect server with ASOS by Kévin Chalet
Using OpenIddict to easily add token authentication to your .NET web apps by Josh Comley

Support

Need help or wanna share your thoughts? Don't hesitate to join us on Gitter or ask your question on StackOverflow:

Gitter: https://gitter.im/openiddict/openiddict-core
StackOverflow: https://stackoverflow.com/questions/tagged/openiddict

Contributors

OpenIddict is actively maintained by Kévin Chalet. Contributions are welcome and can be submitted using pull requests.

Special thanks to the following sponsors for their incredible support:

David Hamilton from DAM Good Media
Christopher McCrum from Data Citadel

License

This project is licensed under the Apache License. This means that you can use, modify and distribute it freely. See http://www.apache.org/licenses/LICENSE-2.0.html for more details.